By EditorDavid from Slashdot's servers-without-borders department
"A foreign power with possible unbridled access to Europe's data is causing alarm in the region. No, it's not China. It's the U.S.," writes Bloomberg (in an article shared by hackingbear).
"As the U.S. pushes ahead with the 'Cloud Act' it enacted about a year ago, Europe is scrambling to curb its reach."
Under the act, all U.S. cloud service providers, from Microsoft and IBM to Amazon -- when ordered -- have to provide American authorities with data stored on their servers, regardless of where it's housed. With those providers controlling much of the cloud market in Europe, the act could potentially give the US the right to access information on large swaths of the region's people and companies.
The U.S. says the act is aimed at aiding investigations. But some people are drawing parallels between the legislation and the National Intelligence Law that China put in place in 2017 requiring all its organisations and citizens to assist authorities with access to information. The Chinese law, which the US says is a tool for espionage, is cited by President Donald Trump's administration as a reason to avoid doing business with companies like Huawei Technologies. "I don't mean to compare US and Chinese laws, because obviously they aren't the same, but what we see is that on both sides, Chinese and American, there is clearly a push to have extraterritorial access to data," said Ms Laure de la Raudiere, a French lawmaker who co-heads a parliamentary cyber-security and sovereignty group. "This must be a wake up call for Europe to accelerate its own, sovereign offer in the data sector."
By EditorDavid from Slashdot's dev-TLD department
On Thursday, Google began officially selling their new .dev domains to anyone, Engadget reports:
To claim a .dev, all you need to do is sign up with your registrar of choice (Google, naturally, is an option). As a bonus, Google is offering a free .dev domain to anyone who applied for a ticket to the Google I/O event happening this May.
The domains will be secure by default, as they all require HTTPS, and Google has already moved many of its own sites (including web.dev, opensource.dev and flutter.dev) to the domain.
"The internet has come a long way from the days of .com, .org and .net," writes Engadget. "Now, you can get domains ending in anything from .cool to .ninja."
By EditorDavid from Slashdot's investigating-an-API department
Remember when dozens of Americans said their names were used for fake comments sent to America's FCC opposing net neutrality?
Now Gizmodo's taken a hard look at their past interviews with Dan Germain, the CTO of a company that helps lobbyists construct digital "grassroots" campaigns -- and at the conservative nonprofit Center for Individual Freedom (CFIF).
Attempting to confirm or disprove the alleged link between CQ and CFIF, Gizmodo initiated its own review of the API data logs last week, focusing on comments from dozens of people who claim they were impersonated online.... [T]imestamps contained in the API logs reveal an unmistakable correlation between the use of CQ's API key and numerous identical comments containing CFIF's text... By comparing the API logs to comment data that the FCC had already made publicly available, Gizmodo found more than a dozen comments containing CFIF's boilerplate language... In each successful case, the comments were received by the FCC while CQ's API key was in use, with the logs reflecting deviations in the timestamps roughly equivalent to the blink of an eye...
Prior to CQ becoming a subject of interest in an ongoing criminal investigation, Germain explained at length that his company had created a platform specifically to direct comments to the FCC and that it had been operational since at least 2016.... Whereas many of the groups responsible for uploading millions of comments requested only one or two API keys, logs show that CQ, over a period of several months, requested no fewer than 114.
The article notes that identical comments using language from CFIF "are now suspected of having been uploaded using CQ's software" -- and that they were submitted to the FCC "several hundred thousand times."
By EditorDavid from Slashdot's never-buying-pens department
rfengineer tipped us off to this story. The Atlantic reports:
Your office is a den of thieves. Don't take my word for it: When a forensic-accounting firm surveyed workers in 2013, 52 percent admitted to stealing company property. And the thievery is getting worse. The Association of Certified Fraud Examiners reports that theft of "non-cash" property -- ranging from a single pencil in the supply closet to a pallet of them on the company loading dock -- jumped from 10.6 percent of corporate-theft losses in 2002 to 21 percent in 2018. Managers routinely order up to 20 percent more product than is necessary, just to account for sticky-fingered employees.
Some items -- scissors, notebooks, staplers -- are pilfered perennially; others vanish on a seasonal basis: The burn rate on tape spikes when holiday gifts need wrapping, and parents ransack the supply closet in August, to avoid the back-to-school rush at Target. After a new Apple gadget is released, some workers report that their company-issued iPhone is broken -- knowing that IT will furnish a replacement, no questions asked. What's behind this 9-to-5 crime wave? Mark R. Doyle, the president of the loss-prevention consultancy Jack L. Hayes International, points to a decrease in supervision, the ease of reselling purloined products online, and what he alleges is "a general decline in employee honesty."
The report advises companies that the best way to reduce fraud is with surprise audits and data monitoring.
Another interesting statistic? "Fraudsters" who'd been with their company for more than five years "stole twice as much."
By EditorDavid from Slashdot's it's-complicated department
Slate's senior technology writer reports that his hunt for a reliable ISP "led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they're reviewing."
Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It's a world so thicketed that the leading firms and experts can't agree on the basic criteria for what counts as "reputable," let alone which companies best meet that description. The CEO of one top VPN company, Silicon Valley-based AnchorFree, told me in a phone interview that he suspects one of his top rivals is secretly based in China -- which would raise a red flag for many privacy advocates because of the Chinese government's aggressive surveillance regime... [But] many VPN users consider offshore providers preferable to U.S.-based firms. AnchorFree, for its part, has been dinged by reviewers for running a free, ad-supported VPN, which some privacy experts consider a conflict of interest. (It also offers a paid VPN service.) The two companies point to dueling trust reports by outside groups, each of which appears to reflect well on the firm that's touting it, thanks to different methodologies. "It is fascinating the amount of sniping that goes on" between VPN companies, said Joseph Jerome, who has closely studied VPNs in his role as policy counsel for the Privacy and Data Project at the nonprofit Center for Democracy & Technology. "They are very quick to pull out knives and shiv each other...."
By EditorDavid from Slashdot's ACGT-meets-SBPZ department
Joe_NoOne (Slashdot reader #48,818) shares this update from Nature: The DNA of life on Earth naturally stores its information in just four key chemicals -- guanine, cytosine, adenine and thymine, commonly referred to as G, C, A and T, respectively. Now scientists have doubled this number of life's building blocks, creating for the first time a synthetic, eight-letter genetic language that seems to store and transcribe information just like natural DNA.
In a study published on 22 February in Science, a consortium of researchers led by Steven Benner, founder of the Foundation for Applied Molecular Evolution in Alachua, Florida, suggests that an expanded genetic alphabet could, in theory, also support life. "It's a real landmark," says Floyd Romesberg, a chemical biologist at the Scripps Research Institute in La Jolla, California. The study implies that there is nothing particularly "magic" or special about those four chemicals that evolved on Earth, says Romesberg. "That's a conceptual breakthrough," he adds... Benner says that the work shows that life could potentially be supported by DNA bases with different structures from the four that we know, which could be relevant in the search for signatures of life elsewhere in the Universe...
The researchers call the resulting eight-letter language 'hachimoji' after the Japanese words for 'eight' and 'letter'. The additional bases are each similar in shape to one of the natural four, but have variations in their bonding patterns. The researchers then conducted a series of experiments that showed that their synthetic sequences share properties with natural DNA that are essential for supporting life... Benner's group previously showed that strands of DNA that included Z and P were better at binding to cancer cells than sequences with just the standard four bases. And Benner has set up a company which commercialises synthetic DNA for use in medical diagnostics.
By EditorDavid from Slashdot's sharing-the-software department
Winnipeg's police department used encrypted radios to stop the public from listening in to their conversations with police scanners. But did they pirate their software keys?
Long-time Slashdot reader Curtman shares this report from CBC News:
Winnipeg police have arrested a manager with the city for allegedly updating police radios with fraudulent software he got from a person considered to be a security threat by the U.S. Department of Homeland Security, CBC News has learned. Back in 2011, Ed Richardson allegedly obtained millions of dollars worth of illegal software and instructed city employees to use it, police said in a January 2018 sworn affidavit, submitted to the Provincial Court of Manitoba when officers were seeking permission to search the man's emails...
In the affidavit, police said the Motorola radios needed frequent updating, which could only be done if the city purchased a "refresh key" or licence from the company to unlock the proprietary software. Motorola charged about $94 per update per radio, the document said, and a radio shop employee told police Richardson didn't like that. "[The employee] does not believe his actions were for personal gain; he believes that Richardson likes the idea of not giving more money to Motorola," the affidavit said.
The affidavit alleges that Richardson gave one employee 65,000 refresh keys, and told him that "you don't want to know where these came from."
In the affidavit, the employee adds that they "clearly" didn't come from Motorola.
By EditorDavid from Slashdot's angry-accusations department
Big cloud companies are "strip-mining open-source technologies and companies," complains Michael Howard, CEO of MariaDB. At their developer conference, Howard accused "big cloud" of "really abusing the license and privilege [of open source], by not giving back to the community." ZDNet reports:
Even as MariaDB grows by leaps and bounds in enterprise computing at Oracle's expense, Howard sees Oracle and Amazon fighting against it. "Oracle as the example of on-premise lock-in and Amazon being the example of cloud lock-in. You could interchange the names, you can honestly say now that Amazon should just be called Oracle Prime...."
In the first keynote, Austin Rutherford, MariaDB's VP of Customer Success, showed the result of a HammerDB benchmark on AWS EC2... In these tests, AWS's default MariaDB instances did poorly, while AWS homebrew Aurora, which is built on top of MySQL, consistently beat them. The top-performing database management system of all was MariaDB Managed Services on AWS. "My first reaction when I looked at the benchmarks," said Howard, was "maybe there's incompetence going on. Maybe they just don't know how to optimize a DBMS." He observed that one MariaDB customer, one of the biggest retail drug companies in the world, had told MariaDB that "Amazon offers the most vanilla MariaDB around. There's nothing enterprise about it. We could just install MariaDB from source on EC2 and do as well."
He then "began to wonder, Is there something that they're deliberately crippling?" Howard wouldn't go so far as to say AWS is consciously doing a poor job of implementing its MariaDB instances. Howard did say, "And then it became clear that, however, you want to articulate this, there is something not kosher happening." Howard doesn't have much against AWS promoting its own brands... But, if AWS's going out of its way to make a rival service look inferior to its own, well, Howard's not happy about that.
By EditorDavid from Slashdot's reusable-rockets department
"SpaceX's Crew Dragon capsule, its first spacecraft designed to carry humans, took flight for the first time Saturday," reports CNN. Slashdot reader Applehu Akbar calls it "a perfect launch," noting the test flight is hauling a sensor-loaded dummy named "Ripley" -- plus a 400-pound cargo of essentials for the International Space Station. Crew Dragon will dock on Sunday, CNN reports, then return to earth five days later. "SpaceX's capsule is now en route to the International Space Station, which flies about 254 miles above Earth at tremendous speeds: about 10 times faster than a bullet."
The successful launch puts SpaceX one step closer to a historic landmark: Crew Dragon could be the first commercially built spacecraft to carry NASA astronauts to orbit. And Crew Dragon -- along with a capsule called Starliner built by Boeing -- could end the United States' decade-long reliance on Russia for human spaceflight...
This marks the first and only demo mission that Crew Dragon will fly without humans on board. If all goes well, the capsule design will undergo a few more reviews and safety checks, and it could be ready to fly two NASA astronauts to the space station in July, based on the space agency's current timeline.
Space.com reports that the reusable rocket also landed safely back on earth about 10 minutes after the liftoff, "acing a touchdown on the SpaceX drone ship Of Course I Still Love You, which was stationed off the Florida coast."
By BeauHD from Slashdot's cease-and-desist department
An anonymous reader quotes a report from Bloomberg: Facebook and its Instagram unit sued four companies and three people based in China for promoting the sale of fake accounts, likes and followers that the social network giant says can be used for nefarious purposes. The Chinese companies advertised and created the fake accounts over the last two years and marketed them for sale on six websites, selling them in bulk quantities, according to a complaint filed Friday in San Francisco federal court. "Fake and inauthentic accounts can be used for spam and phishing campaigns, misinformation campaigns, marketing scams, advertising fraud, and other fraud schemes which are profitable at scale," Facebook and Instagram alleged. They said fake accounts were also created on Amazon, Apple, Google, LinkedIn and Twitter. The companies named as defendants -- 9 Xiu Shenzhen, 9 Xiu Feishu, 9 Xiufei and Home Network -- are based in Longyan and Shenzhen. They are affiliated manufacturers of electronics and hardware, as well as providers of software and online advertising services, according to the complaint.
By BeauHD from Slashdot's biometrical-devices department
the_newsbeagle writes: In newborn intensive care units (NICUs) today, tiny fragile babies lie in incubators, wired to a variety of monitors that track their vital signs. This mess of wires makes it complicated for nurses to pick up the babies for routine tasks like diaper changes, and makes it hard for new parents to pick up their infants for cuddling. Skin-to-skin contact between parents and infants has been proven not only to help with bonding, but also to have a host of medical benefits for the infants, so the wires that tether babies to their beds are a real problem. At Northwestern University, an electrical engineer who works on flexible, stretchable electronics teamed up with a pediatric dermatologist to invent a solution. They devised a system of stick-on wireless biosensors (with a gentle adhesive that's safe even for thin preemie skin) that actually provide more information than today's standard setup. The system "is composed of two sensors, one that sticks to the chest to record electrocardiograms (providing heart rate), another that sticks to the foot to record photoplethysmograms (measuring blood oxygenation) and skin temperature," reports IEEE Spectrum. "The foot sensor required the engineering team to create software that could compensate for movement artifacts in the data. Time-syncing these two sensors also provides a continuous measurement of blood pressure; the system knows when the heart pumps out a pulse of blood and when it arrives at the foot, and that time measurement correlates well with blood pressure." "The sensors use near-field communication (NFC) to connect to a module that can be attached to the baby's bed, and which both receives the data and sends wireless power to the sensors," the report adds. "That module transmits the data via bluetooth to a mobile phone or tablet."
By BeauHD from Slashdot's trip-down-memory-lane department
The Economist tells the story of how French chemist Antoine-Laurent de Lavoisier came to publish the first putatively comprehensive list of chemical elements -- substances incapable of being broken down by chemical reactions into other substances -- known today as the periodic table. It was Lavoisier and his wife Marie-Anne who pioneered the technique of measuring quantitatively what went into and came out of a chemical reaction, as a way of getting to the heart of what such a reaction really is. "Where the story of the periodic table of the elements really starts is debatable," reports The Economist, "but Lavoisier's laboratory is as good a place as any to begin..." Here's an excerpt from the report: Lavoisier's list of elements, published in 1789, five years before his execution, had 33 entries. Of those, 23 -- a fifth of the total now recognized -- have stood the test of time. Some, like gold, iron and sulphur, had been known since ancient days. Others, like manganese, molybdenum and tungsten, were recent discoveries. What the list did not have was a structure. It was, avant la lettre, a stamp collection. But the album was missing.
Creating that album, filling it and understanding why it is the way it is took a century and a half. It is now, though, a familiar feature of every high-school science laboratory. Its rows and columns of rectangles, each containing a one- or two-letter abbreviation of the name of an element, together with its sequential atomic number, represent an order and underlying structure to the universe that would have astonished Lavoisier. It is little exaggeration to say that almost everything in modern science is connected, usually at only one or two removes, to the periodic table.
By BeauHD from Slashdot's back-from-the-dead department
itwbennett writes: Security researchers at Varonis have uncovered a new attack using a new version of the venerable Qbot malware that "creates scheduled tasks and adds entries to the system registry to achieve persistence," writes Lucian Constantin, reporting on the attack for CSO. "The malware then starts recording all keystrokes typed by users, steals credentials and authentication cookies saved inside browsers, and injects malicious code into other processes to search for and steal financial-related text strings." The researchers "found logs showing 2,726 unique victim IP addresses," writes Constantin, but because "computers inside an organization typically access the internet through a shared IP address, the researchers believe the number of individually infected systems to be much larger." The malware first appeared in 2009 and was found to be uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware resurfaced in April 2016 that was believed to have infected more than 54,000 PCs in thousands of organizations around the world. As Varonis now reports, Qbot is making yet another comeback.
By BeauHD from Slashdot's not-good-enough department
Facebook, Twitter, and Google still aren't doing enough to battle disinformation on their platforms, European Union officials said in a statement released this week. "As part of a plan to fight disinformation on social media, the companies signed on to a voluntary proposal to crack down on the problem last year, which included making plans to increase transparency and fight fake accounts," reports The Verge. "The European Commission is now publicizing monthly progress reports on the topic, and has released the first, covering January." From the report: In the statement, the officials criticized the companies' responses, saying "we need to see more progress." "Platforms have not provided enough details showing that new policies and tools are being deployed in a timely manner and with sufficient resources across all EU Member States," the statement said. "The reports provide too little information on the actual results of the measures already taken."
Facebook, Twitter, and Google were each singled out for not providing enough information in their reports to officials, who said in today's statement that they remain "concerned by the situation." The statement pressed the platforms to move faster ahead of European Parliament elections in May. In an accompanying op-ed in The Guardian this week, EU commissioners said, "if we do not see sufficient long-term progress, we reserve the right to reconsider our policy options -- including possible regulation."
By BeauHD from Slashdot's new-and-improved department
One of the prototypes Alphabet's Sidewalk Labs is working on for its planned neighborhood on Toronto's waterfront is a hexagonal paving system. "The slabs are porous and heated, which may keep snow and ice at bay without salting," reports Engadget. "They're easy to replace, and include LED lights that can, for instance, help direct traffic flow during construction or mark street closures." From the report: Sidewalk will also demonstrate what it's calling a Building Raincoat, an awning it says will help protect sidewalks from wind, rain, sun and snow to make outdoor space usable throughout the year. It attaches to the sides of buildings and is fixed to ground anchors. It's made from a durable, lightweight and transparent plastic called ETFE (Ethylene Tetrafluoroethylene).
In addition, Sidewalk will have a number of art installations at the public event, which "use lighting, projection mapping, mud and other techniques to reflect on relationships between humans and animals in public space, and the broader connection of ecology and urbanism." Some of the works will be projected onto the awning. Along with the prototypes, Sidewalk will discuss some of its broader ideas about how to make its neighborhood livable and accessible, in part through affordable housing and its transit system.
By BeauHD from Slashdot's number-porting-attacks department
An anonymous reader quotes a report from Ars Technica: A bad security decision by Comcast on the company's mobile phone service made it easier for attackers to port victims' cell phone numbers to different carriers. Comcast in 2017 launched Xfinity Mobile, a cellular service that uses the Verizon Wireless network and Comcast Wi-Fi hotspots. Comcast has signed up 1.2 million mobile subscribers but took a shortcut in the system that lets users switch from Comcast to other carriers. To port a phone line from Comcast to another wireless carrier, a customer needs to know his or her Comcast mobile account number. Carriers generally use PINs to verify that a customer seeking to port a number actually owns the number. But Comcast reportedly set the PIN to 0000 for all its customers, and there was apparently no way for customers to change it. That means that an attacker who acquired a victim's Comcast account number could easily port the victim's phone number to another carrier. Comcast told Ars that "less than 30" customers were affected by the problem, that it has implemented a fix, and that the company will eventually roll out a real PIN-based system to further protect customers. But Comcast declined to describe the recent fix in any way, saying that information could help attackers. Comcast also did not say when its new PIN-based system will be ready. Here's what Comcast had to say about the changes it's made and will make: "We have also implemented a solution that provides additional safeguards around our porting process, and we're working aggressively towards a PIN-based solution. We are reaching out to impacted customers to apologize and work with them to address the issue. We take this very seriously, and our fraud detection and prevention methods, policies and procedures are continually being reviewed, tested and refined."